Why Registries Must Never Become Enforcers
A registry’s role is administrative, not punitive. Confusing the two is one of the most dangerous mistakes in Internet governance.
A registry exists to maintain accurate records: who is using which number, and under what documented procedures. It is, in essence, an address book. Asking such an institution to police behavior, impose penalties, or “punish” participants is a category error. You do not use an address book as an instrument of enforcement.
Withholding or revoking a fundamental registry service—such as assigning or maintaining an address—because an organization “did or did not do X” is irrational and unprecedented in any responsible system. It is equivalent to refusing to give a house a street address instead of contacting law enforcement or going through proper legal channels. No credible governance framework operates this way.
This is not an argument against rules. Rules are essential. Compliance matters. But rules that carry consequences must be defined and enforced by sovereign legal systems: courts, regulators, and governments. A voluntary registry has no sovereign authority. It cannot act as police, prosecutor, and judge. When it attempts to do so, it undermines its own legitimacy and the trust of the networks that depend on it.
Much of the current confusion comes from conflating two fundamentally different domains:
• Community platforms (mailing lists, forums, working groups)
• Number-resource administration (the registry function)
A registry is free to moderate its mailing lists or manage participation in community discussions. That is an internal platform issue. It has nothing to do with number resources.
Number-resource administration sits on a different legal, operational, and governance layer. Authority there is administrative, not discretionary. A registry cannot “ban” someone from holding number resources because it dislikes their conduct, disagrees with their views, or feels pressured by a subset of the community. The fact that a registry can moderate a discussion does not grant it the power to weaponize the address book.
Failing to separate these layers leads directly to instability. Essential Internet infrastructure is treated like a social-media moderation problem, where access can be revoked based on sentiment, interpretation, or internal politics. That is how trust is destroyed.
This risk is amplified by the reality of the so-called “community” model. In practice, it consists of a small, self-selected group of active participants—often a few dozen individuals—who are neither representative of the global membership nor accountable to any broader public. Yet their opinions can affect networks operating across vastly different legal, cultural, and political environments. From Saudi Arabia to the Netherlands, governance norms and legal expectations diverge fundamentally. Expecting such a small group to define and enforce rules as if they had universal legitimacy is unrealistic.
What began decades ago as a voluntary coordination mechanism has become part of the critical infrastructure of the global Internet. In that context, the old notion of “we can choose not to play with you” no longer applies. Universal, nondiscriminatory access principles must govern.
The correct separation of functions is clear:
• Registries maintain records and execute transfers according to defined procedures.
• Enforcement and punishment, when warranted, belong exclusively to sovereign authorities.
When a registry moves beyond its mandate and uses essential administrative functions as leverage, it does not create accountability. It creates unpredictability and invites abuse.
The principle is simple but non-negotiable:
Administrative bodies must stay within their mandate, and critical infrastructure must never depend on the opinions or preferences of a few individuals, however well-intentioned they may be.
That distinction must not be blurred.
